System files are the ones that make you nervous. Executables, installers, disk images, packages — these files can do things to your computer, which is why the safety rating matters more here than in any other category. The rule is simple: if you didn't ask for it, don't open it.
Every operating system has its own executable and installer format. Windows has EXE and MSI. macOS has DMG and PKG. Linux has DEB and RPM. Android has APK. iOS has IPA (though Apple doesn't let you sideload them). These formats exist because installing software requires system-level access — writing files, modifying settings, registering services — and each OS handles that access differently.
The safety spectrum in this category ranges from "probably fine" (a DMG from a developer's website) to "exercise extreme caution" (an EXE from an email attachment). Code signing, platform gatekeepers (Gatekeeper, SmartScreen, Play Protect), and antivirus scanning exist specifically because this category of files is where malware lives.
Sideloading APKs from outside the Play Store carries malware risk. Only install from trusted sources.
Application bundles run code on your Mac. Only install apps from the App Store, identified developers, or sources you trust.
Runs code with your user permissions. No sandboxing. Only download AppImages from the developer's official site.
Generic binary — could contain anything. Firmware .bin files can modify hardware. Disc image .bin files are generally safe media data.
DEB packages install software with system-level access. Only install from trusted repositories.
DLL files contain executable code. Never download DLLs from untrusted websites — this is a common malware vector.
DMG files can contain any software. Only open DMGs from trusted developers. macOS Gatekeeper will warn you about unsigned apps.
Compiled binary code. System dylibs are protected by SIP. Only install dylibs from trusted sources.
EXE files can execute arbitrary code on your computer. Only run executables from trusted sources. Scan with antivirus before opening.
Application package. Sandboxed but still runs code. Install from Flathub or trusted sources.
Disk images can contain any data including bootable operating systems. Writing to a USB drive overwrites all existing data on that drive.
IPA files cannot be sideloaded on standard iOS devices. Enterprise or developer-signed IPAs from untrusted sources may compromise device security.
ISO files can contain any software. Only mount ISOs from trusted sources.
MSI files install software on your computer. Only install from trusted sources.
Contains a complete VM including an operating system and applications. Only import OVAs from trusted sources — they can contain any software.
PKG files install software and can run scripts with elevated permissions. Only install from trusted developers.
REG files modify Windows system settings. Never run .reg files from untrusted sources. Always review contents in a text editor before importing.
RPM packages install software with system-level access. Only install from trusted repositories.
Application package. Snaps are sandboxed but still run code. Install only from the official Snap Store or trusted sources.
Compiled binary code. Only install shared libraries from trusted package repositories.
Kernel-mode driver with full system access. SYS files from untrusted sources can compromise your entire system.